
I'm not scared at all and could care less about building the image myself.

I'm also not 'entitled' because I'm doing this for another open source project we are now maintaining.

Just to be clear: THEY already have to maintain the docker image and it makes it less secure for EVERYONE if the community now needs to either find a new GitHub repo/company building it for them or everyone has to build it themselves because they do not trust random companies.

There is a difference between having the official Min.IO image with a stamp of approval vs. forked repos with their version of the same image. The only thing fixing this kind of issue is a fingerprint and build caches.

They are removing the official container images because 1. this is the magic source of running your software in helm charts etc. so now you need to act 2. in some companies you are not allowed to use random container images

And you are completely ignoring my arguments. It's not entitlement if a company's product becomes the industry standard due to Open Source and then doing a rug pull like this.





> Just to be clear: THEY already have to maintain the docker image and it makes it less secure for EVERYONE if the community now needs to either find a new github repo/company building it for them or everyone has to build it themselves because they do not trust random companies.

Wrong - it would be less secure if they did not share the source code and the Dockerfile along with that too. As long as you take care to regularly update, where is the problem?


So just to be clear, they publish the docker image, they have a GitHub action which is basically free for them to build and release it into a free registry but they don't do it.

So I set up everything to do this on my GitHub with their code and publish it on my package.

And you don't think this is stupid?

The problem is the criticism of how they act and even if they release everything and it's just building the image, you can't trust another source to upload the image someone else has built with this file. So now everyone has to build the same image.


The scenario you described is mainly just benefiting you. Whether Min.IO loses or wins something based on this decision, will remain to be seen. In either case they don't owe it either to me or to you to provide a built image, especially as they continue to provide the source, including the Dockerfile. In either case if in your setup you are not able to rebuild an image off of a Dockerfile, your setup is worth rethinking. Not to mention that on the security side, it's quite irresponsible to depend on an image from a public repo, without at least pulling it through an internal artifact management system with vulnerability scanning.

> makes it less secure for EVERYONE if the community now needs to either find a new github repo/company

Correct, and that's the most worrying aspect.



